diff options
Diffstat (limited to 'main/sdl2_image/CVE-2018-3839.patch')
-rw-r--r-- | main/sdl2_image/CVE-2018-3839.patch | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/main/sdl2_image/CVE-2018-3839.patch b/main/sdl2_image/CVE-2018-3839.patch deleted file mode 100644 index 86370cbc4c..0000000000 --- a/main/sdl2_image/CVE-2018-3839.patch +++ /dev/null @@ -1,31 +0,0 @@ - -# HG changeset patch -# User Ryan C. Gordon <icculus@icculus.org> -# Date 1518038991 18000 -# Node ID fb643e371806910f1973abfdfe7f981e8dba60f5 -# Parent c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d -xcf: check for some potential integer overflows. - -diff -r c5f9cbb5d2bb -r fb643e371806 IMG_xcf.c ---- a/IMG_xcf.c Wed Feb 07 16:18:54 2018 -0500 -+++ b/IMG_xcf.c Wed Feb 07 16:29:51 2018 -0500 -@@ -595,6 +595,18 @@ - SDL_RWseek(src, layer->hierarchy_file_offset, RW_SEEK_SET); - hierarchy = read_xcf_hierarchy(src); - -+ if (hierarchy->bpp > 4) { /* unsupported. */ -+ SDL_Log("Unknown Gimp image bpp (%u)\n", (unsigned int) hierarchy->bpp); -+ free_xcf_hierarchy(hierarchy); -+ return 1; -+ } -+ -+ if ((hierarchy->width > 20000) || (hierarchy->height > 20000)) { /* arbitrary limit to avoid integer overflow. */ -+ SDL_Log("Gimp image too large (%ux%u)\n", (unsigned int) hierarchy->width, (unsigned int) hierarchy->height); -+ free_xcf_hierarchy(hierarchy); -+ return 1; -+ } -+ - level = NULL; - for (i = 0; hierarchy->level_file_offsets[i]; i++) { - SDL_RWseek(src, hierarchy->level_file_offsets[i], RW_SEEK_SET); - |